| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <m1zmfct966.fsf@ebiederm.dsl.xmission.com> Date: Fri, 14 Jul 2006 10:58:57 -0600 From: ebiederm@...ssion.com (Eric W. Biederman) To: "Serge E. Hallyn" <serue@...ibm.com> Cc: Cedric Le Goater <clg@...ibm.com>, linux-kernel@...r.kernel.org, Andrew Morton <akpm@...l.org>, Kirill Korotaev <dev@...nvz.org>, Andrey Savochkin <saw@...ru>, Herbert Poetzl <herbert@...hfloor.at>, Sam Vilain <sam.vilain@...alyst.net.nz>, Dave Hansen <haveblue@...ibm.com> Subject: Re: [PATCH -mm 5/7] add user namespace "Serge E. Hallyn" <serue@...ibm.com> writes: > Quoting Eric W. Biederman (ebiederm@...ssion.com): >> "Serge E. Hallyn" <serue@...ibm.com> writes: >> >> No. The uids in a filesystem are interpreted in some user namespace >> >> context. We can discover that context at the first mount of the >> >> filesystem. Assuming the uids on a filesystem are the same set >> >> of uids your process is using is just wrong. >> > >> > But, when I insert a usb keychain disk into my laptop, that fs assumes >> > the uids on it's fs are the same as uids on my laptop... >> >> I agree that setting the fs_user_namespace at mount time is fine. >> However when we use a mount that a process in another user namespace >> we need to not assume the uids are the same. >> >> Do you see the difference? > > Aaah - so you don't want to store this on the fs. So this is actually > like what I had mentioned many many emails ago? Quite possibly. I'm not certain where you go the idea I was thinking of storing this on the fs. I think you must have been thinking of the Linux-Vserver implementation. >> Actually I was thinking something as mundane as a mapping table. This >> uid in this namespace equals that uid in that other namespace. > > I see. > > That's also what I was imagining earlier, but it seems crass somehow. > I'd almost prefer to just tag a mount with a user namespace implicitly, > and only allow the mounter to say 'do' or 'don't' allow this to be read > by users in another namespace. Then in the 'don't' case, user joe > [1000] can't read files belonging to user jack [1000] in another > namespace. It's stricter, but clean. > > But whether we do mapping tables or simple isolation, I do still like > the idea of pursuing the use of the keystore for global uids. Yes. I guess my thinking is that the mapping effort and keys are an enhancement after we get the basic user namespace working, to overcome the limitations. Eric - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists